Check Your SWF for Vulnerabilities

Yesterday, HP’s Web Security Research Group released HP SWFScan, a free security tool that helps developers find security vulnerabilities in applications developed with the Flash Platform.

When HP was developing this application, they tested about 4,000 SWF files and found the following issues to be the most alarming:

  • 16% of SWF applications targeting Flash Player 8 and earlier have XSS vulnerabilities
  • 77% of SWF applications targeting Flash Player 9 and 10 contain developer debugging information and source code file references
  • 35% of all SWF applications violate Adobe’s security best practices

HP’s SWFScan will help you identify these vulnerabilities before your application goes live. SWFScan will analyze any SWF file regardless of the Flash Player version for which it was targeted or version of ActionScript with which it was authored.

The Devnet article about this solution has more information and a link to the free download.